All posts by stevenmih

Why digital business transformation depends on public cloud networking

Companies increasingly seek digital business transformation. From a purely technology perspective, most pieces are in place for this transformation to occur. But too often, one thing is inhibiting the process: public cloud networking complexity.

The public cloud is becoming the new foundation for enterprise IT. Important things will continue to happen in on-premises data centres, intelligent edge devices, and branch offices. But more new enterprise applications are emerging whose centre of gravity is the public cloud.

Within public cloud networking, virtual private clouds (VPCs) and virtual private networks (VPNs) represent a significant operational challenge for most organizations. Already, VPCs far outnumber data centres and branch networks. In fact, I’ve heard colleagues at Amazon Web Services (AWS)—arguably the leader in public cloud—predict a fourfold increase in VPCs over the next three years.

As more enterprise applications are shifted to the public cloud, network traffic patterns are changing.

Instead of data flow being largely asymmetrical, from the cloud (or Internet) down to users, intelligent connected devices, machine learning, data analytics, and artificial intelligence applications now send large volumes of traffic in the other direction, from the edge to the cloud. More and more, the receiving end of network traffic is the public cloud.

Unfortunately, networking complexity is holding this shift back. Here’s why: the number of VPCs in public cloud infrastructures—whether AWS, Microsoft Azure, or Google Cloud Platform (GCP)—is exploding. But managing secure connections among VPCs is still daunting for most cloud and DevOps teams, regardless of their markets.

The challenges multiply for enterprises whose footprints span AWS, Azure and GCP public cloud environments. It’s increasingly common for companies to find themselves with multiple public clouds, often because different teams within the enterprise choose different public cloud providers based on best-of-breed products and services.

Enterprises with such multi-cloud architectures need their enterprise applications and workloads to run seamlessly everywhere, including between public clouds, between clouds and on-premises data centres, and to users.

Addressing this challenge requires a virtual cloud network architecture built specifically for modern cloud environments, where applications, users, and data are highly distributed. In such an architecture, the complexities of networking (think manual configuration, building VPN tunnels by hand, and troubleshooting) are automated away rather than pushed onto each team.

Next-generation secure public cloud networking makes public clouds, and their VPCs, interoperable. Engineers (but not necessarily highly skilled networking gurus) can create the applications they need to achieve their business outcomes—without worrying about how to move workloads between cloud resources.

The rewards of having the right public cloud networking in place can be dramatic. As an example, building a secure tunnel using traditional networking technologies might take eight hours or more; with secure public cloud networking of the kind offered by my company, a non-networking engineer can have a secure tunnel up and running in 15 minutes or less.

In a connected, cloud-based world, applications are inseparable from the networks they run on. Business outcomes are measured less in total cost of ownership (TCO) and return on investment (ROI) than in acceleration of innovation. Digital business transformation depends directly on the network, which is now a mandatory, foundational part of any business strategy.

To make digital business transformation a reality, companies need consistent cloud networking to connect the various segments of the cloud and the diverse edges. A modern public cloud networking architecture can help companies navigate more smoothly to the digital business transformation future they envision.

How to alleviate the networking pain in hybrid cloud deployments

As cloud deployments have become more complex—with hybrid cloud environments growing in number and importance—networking technologies have not kept pace with advancements in cloud computing and storage. In fact, hybrid cloud networking has become a serious pain for enterprises across industries.

Fortunately, new approaches are emerging that will help IT teams better anticipate these issues, and to ultimately overcome the complexity and related project delays that currently plague them.

At a technical level, one problem is that on-premises, datacenter-based private cloud networks are built on complex, hardware-centric datacenter networking constructs such as virtual local-area networks (VLANs), routing protocols, and private circuits. In contrast, public clouds such as Amazon Web Services (AWS) and Microsoft Azure provide virtual private cloud (VPC; called a virtual network, or VNet, in Azure) and Internet-based connectivity that is dynamic, scalable, and elastic. But enterprises running multiple workloads on public clouds typically deploy each workload as an island in a separate VPC, generating a series of disjointed silos without any interconnection.

Networking alternatives offered so far—virtual routers, circuit-based approaches, home-grown legacy methodologies, or SD-WAN—fail to solve the fundamental challenge of enabling hybrid cloud networking to be as agile and elastic as cloud computing or cloud storage. These networking alternatives result in enterprises adding more expensive hardware, at times with reduced security, which impedes business agility and increases risk.

Clearly, enterprises need a modern approach to networking that is purpose-built for the cloud era.

Hybrid cloud ignores networking

Enterprises are turning to hybrid clouds, which integrate public and private cloud infrastructures, for reasons including application mobility between private and public clouds; on-demand access by DevOps to on-premises applications and data; and backup, disaster recovery, and high availability. As enterprises move more workloads to hybrid cloud infrastructures, they must be able to operate and manage their business applications regardless of the underlying network environment.

While the compute and storage aspects of the cloud have been made available as on-demand services, networking has not. This leaves many organisations struggling to extend traditional networking approaches to hybrid cloud. And it leaves DevOps teams, which are accustomed to moving at cloud speeds, unable to operate in hybrid cloud environments with the agility they require.

Managing traditional networking in the hybrid cloud today entails painstakingly slow, error-prone manual efforts. Connecting private clouds and public clouds involves multiple point-to-point networking and encryption technologies, including IPsec VPN, SSL/TLS VPN, AWS Direct Connect, Azure ExpressRoute, and others. Coordinating these technologies adds complexity to the hybrid cloud network architecture and degrades network performance.

As a result, it can take several weeks to establish hybrid cloud connectivity. And even when the hybrid cloud is up and running, performing routine modify-add-delete change requests involves significant time and effort by highly skilled IT personnel.

For example, one Fortune 500 financial services enterprise ran into trouble when its strict change control processes collided with attempts to establish a hybrid cloud network. To get a connection to the cloud, it needed to open a ticket for the configuration change, have the ticket reviewed, have networking experts test the change, receive recommendations for the change, undergo review by the internal change review board, and schedule time to make the change. This process took months.

Traditional networking doesn’t scale in the hybrid cloud

Applying traditional networking technologies to hybrid cloud also requires deep networking technical skills, at a level that many companies lack, as well as coordination among multiple teams: networking, virtualization, cloud ops, security, compliance, etc.

Enterprise IT departments lacking the ability to seamlessly extend private cloud IP address spaces to the public cloud, or to securely connect the various clouds, can create hybrid cloud environments with gaps in end-to-end security. In addition, enterprises often find that the CIDR block assigned to a VPC overlaps existing IP address ranges on premises or in another cloud, which makes routing between them ambiguous. Sorting it out required one large enterprise to spend weeks performing IP address management manually, using spreadsheets.
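The overlap problem described above is mechanical enough to check automatically. The following script is an added example, not code from the original post or from the author's company: it takes an inventory of VPC, VNet, subnet and on-premises CIDR blocks, reports every pair that collides (and which one contains the other), and finds the next free block of a given size inside a corporate supernet. The inventory here is constructed sample data; in practice it would be populated from `aws ec2 describe-vpcs`, `az network vnet list`, `gcloud compute networks subnets list`, and the on-premises IPAM export.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (not real data): name -> CIDR block.
# In practice, fill this from the cloud CLIs and the on-prem IPAM.
INVENTORY = {
    "onprem-dc1":      "10.0.0.0/16",
    "onprem-dc2":      "10.1.0.0/16",
    "aws-prod-vpc":    "10.1.128.0/17",   # sits inside onprem-dc2
    "aws-dev-vpc":     "10.2.0.0/16",
    "azure-prod-vnet": "10.2.0.0/16",     # exact duplicate of aws-dev-vpc
    "gcp-analytics":   "172.16.0.0/12",
    "gcp-ml-subnet":   "172.20.0.0/16",   # nested inside gcp-analytics
}


def parse_inventory(inventory):
    """Parse every CIDR strictly. A VPC CIDR with host bits set
    (e.g. 10.0.0.1/16) is a configuration error, not something to
    silently round, so strict=True makes it raise."""
    parsed = {}
    for name, cidr in inventory.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            raise ValueError(f"{name}: bad CIDR {cidr!r}: {exc}") from exc
    return parsed


def find_overlaps(inventory):
    """Return a list of (name_a, name_b, relation) for every colliding pair,
    with names in sorted order. relation is 'identical', 'a-contains-b'
    or 'b-contains-a'. Two prefix-aligned CIDR blocks can never partially
    overlap: if they overlap at all, one contains the other."""
    nets = parse_inventory(inventory)
    overlaps = []
    for (a, na), (b, nb) in combinations(sorted(nets.items()), 2):
        if na.version != nb.version or not na.overlaps(nb):
            continue
        if na == nb:
            relation = "identical"
        elif na.supernet_of(nb):
            relation = "a-contains-b"
        else:
            relation = "b-contains-a"
        overlaps.append((a, b, relation))
    return overlaps


def next_free_block(supernet, prefixlen, inventory):
    """First /prefixlen subnet of `supernet` that overlaps nothing in the
    inventory, as a string, or None if the supernet is exhausted."""
    parent = ipaddress.ip_network(supernet, strict=True)
    used = [n for n in parse_inventory(inventory).values()
            if n.version == parent.version]
    for candidate in parent.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(n) for n in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    for a, b, relation in find_overlaps(INVENTORY):
        print(f"OVERLAP {a} {INVENTORY[a]} <-> {b} {INVENTORY[b]}: {relation}")
    print("next free /16 in 10.0.0.0/8:",
          next_free_block("10.0.0.0/8", 16, INVENTORY))
```

Run against the sample inventory it flags the duplicated 10.2.0.0/16 in AWS and Azure, the AWS production VPC carved out of an on-premises range, and the GCP subnet nested in its parent network, then proposes 10.3.0.0/16 as the next unused /16. Running this check before a VPC is created, rather than after a tunnel fails to route, is the cheap way to avoid the spreadsheet exercise.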

Not only is it impossible for IT to offer users the unified experience that hybrid cloud promises, but current technologies also prevent IT from operating with the speed or agility that developers demand from cloud environments, creating tension between IT and DevOps teams.

Because hybrid clouds currently consist of cobbled-together point tools and do-it-yourself scripts, scaling the hybrid cloud becomes very expensive. Operating costs rise steeply as the hybrid cloud scales because there is no end-to-end network connectivity or performance visibility; no central location for logs and events; and no single console for controlling all the networking functions.

In the end, hybrid cloud implementations cannot deliver on the unified and agile experience that enterprises—or their DevOps teams, customers, or end users—expect from the cloud.

Overcoming cloud networking friction

Enterprises deploying a single application to a public cloud, or using an on-premises private cloud for all critical applications, might not notice networking issues. But as soon as an enterprise tries to run important applications in hybrid cloud environments, the challenges of networking across both public and private clouds become painfully obvious.

What’s needed is a new approach to networking developed specifically for the cloud: one that enables enterprises to set up and operate hybrid cloud networks that are secure, fast, and easy to implement; simple to operate; and far lower in cost and risk than existing technologies.

Such a purpose-built hybrid cloud network must:

  • Be fully automated, so that even personnel without networking technical skills can deploy and manage hybrid cloud applications
  • Connect clouds in minutes, not weeks, ideally using a browser-based interface and a few simple clicks
  • Offer end-to-end security across private and public clouds
  • Have centralised visibility across an enterprise’s entire hybrid cloud environment
  • Use standard developer tools and work with all major cloud platforms
  • Provide a software-only solution, so that enterprises need not invest in new networking equipment or reconfigure existing edge routers

Only a cloud networking approach built specifically for and from within the cloud can deliver hybrid cloud networking solutions able to overcome the friction of current hybrid cloud networking—so that enterprises can fully leverage the best of private and public cloud infrastructures while achieving the application flexibility and agility they need.